Gary Berman, Founder & Host of The "Cyber Hero Adventures Show" at cyberheroescomics.com. Creator of The CyberHero Adventures: Defenders of the Digital Universe
Today, my conversation continues with Dr. George Shea, chief technologist at the Foundation for Defense of Democracies Center on Cyber and Technology Innovation (CCTI) and Transformative Cyber Innovation Lab (TCIL). We discuss, among other things, why public-private partnerships are so critical in protecting national security and cybersecurity.
#cybersecurity #nationalsecurity #infosec
Hi, everyone. This is Gary Berman, host of the Cyber Hero Adventures show coming to you from Reagan International Airport. So if you hear some announcements, that's what that is. And we have a very, very special briefing today with Doctor Georgina Shea, who's going to share with us some of the key takeaways from an amazing event, Georgiana or also George, welcome to the show. Thank you. Recent testimony with Director Wray from the FBI was there, and he said that China has something like a 50 to 1 cybersecurity personnel advantage over the United States. Whatever the order of magnitude, it's, you know, significant. You know what? There was quite a bit of discussion yesterday and also in your report about workforce development and can you share with us a little bit about that? Yeah. But you know, just on that point where there is a, a briefing I had seen years ago by years ago, 10-15 years ago, it was a while ago, it was called Shift Happens. And it was all about that's what the FSHIFT happens. Shift happens and it was all about the, the statistics of China. So like for every, I don't know, I forgot the exact number. So I'm going to make them up. For every honor student we have in the country, they have 1000 honor students. For every, you know, person they have you know like 10,000 people. So just the sheer numbers of people. It kind of goes back to my earlier point about the level of effort we put into like pen testing our systems. For every one person pen testing our systems, they have 100 people, thousand people, I don't know the numbers, to dedicate their everyday job towards that, to penetrate that. Well, I mean, that's an interesting sort of point. I was doing an interview with Admiral Montgomery just earlier and we talked about this and he said well, but it's also, you know, quality, you know that our people, you know, are better.
However, he said at some point just the sheer sort of law of numbers or that kind of thing, you know, your advantages are can be diminished. Yep. I'm not gonna argue that we're better or not better, but I will state that, and again, I don't know the numbers off the top of my head. If you look at the statistics on how systems are compromised, and they're usually compromised through basic cyber hygiene not being followed, which is not an advanced attack, isn't that something? Wrong phishing. Yeah. Someone clicked on a link. So it's even if you're the most sophisticated system or the most respected defense group, you always have humans in the loop, so your system becomes susceptible. Yeah. You know you use the word shift as he left left. There's also one of your recommendations to paraphrase, kind of a shift up, you know to be able to get alignment from CEOs and from board members, can you amplify that a little bit? Sure. So in I, I find that especially in cyber security, everyone sort of lives in their own sector, their own ecosystem of cyber. So if you're in healthcare, you're following HIPAA. If you're under, you know, the defense industrial base, you're following RMF. But you know when you get into energy, water, a lot of these organizations are privately owned. So it's not a government organization owns your water company. So you know, if there's going to be some type of big national attack or something on energy, water keeps that energy and water. Those are two very critical things that we need. Those are privately owned and operated. So you're going to have to have some cooperation, understanding and relationships and public, public-private partnership between government and private industry to ensure that you're addressing the issue and you're finding that way to be, it seems, you know, frustrating, I think, to many people, you know, that we haven't made more progress on P3, public-private partnerships.
This is something that is easy to understand but hard to implement. Is that a fair assessment or things are better? I guess things are better. I think it's become a more common term, the public-private partnership, 3P. We have our ISACs that are helping incorporating that with a lot of the different sectors that I'm sure it's not easy, but it's a continual improvement process. Yeah, it's sort of like breaking down the silos, which is one of your recommendations or topics that you talk about. Maybe you can help our audience as we're beginning to wrap up here. When you do that, how do you break down silos and develop trust? Ah, I don't know how you develop trust amongst like I look more at the technology side. So it's not in the paper, but I'm looking at, you know, technologies that help ensure trust so you can share information, like zero-knowledge proofs. So zero-knowledge proofs can, you know, help people have information without sharing the that's the private information. Well, that's interesting. Yeah. So it's a way to trust the process without having to see the actual data. But you know, the thing about that is the criminals or threat actors couldn't care less. They're horizontally structured. They share information freely, they encourage it and stuff like that. How do the defenders who are vertically structured more or less because of intellectual property or competition or the patchwork of global federal, state regulatory frameworks, I mean, they're going to have to incorporate those. Kevin Belford, Kevin. Please complete information as. Baggage claim across from carousel number six that just by law they're not allowed to share, you know Doctor georgina.shay@fd.org and as I said we'll have a place that people can download the report. On behalf of a grateful digital universe, thanks for who you are and for what you do and most importantly why you do it.
Very true. With the challenge, it is even more important to share across organizations like the threat actors do. Shifting left, up to the board and to the community.
CISOs, we are at a critical juncture. We can't fight this war alone, not with the constant and more advanced dangers we face!
It's time to work together with our CIO colleagues to create a secure future by releasing the hold that silos have on us. Together, we can battle against isolation, a common adversary, and challenge the status quo.
Recall that dispersed security is a persistent threat that requires our whole attention rather than just a temporary setback.
Together, we are stronger. 💪🔒
In the comment, attached an article by Mike Riemer, our Field Chief Information Security Officer, to explore more about how we can innovate and grow while staying protected from cyber threats.
#CISO #CyberSecurity #CIOIntegrationIvanti
Through a series of proof-of-concept initiatives, threat analyses, research into best practices, and stakeholder collaboration, CIS has documented the evolving nature of the threat facing the United States, specifically the increasing interdependence of the cyber and physical domains. Learn more in Enhancing Safety in the Connected World — A National Framework for Action. https://bit.ly/3S9hHyb #cyberthreat #cybersecurity #cyberprotection
For companies aiming to work with the Department of Defense (DoD) or secure R&D funding, implementing a Zero Trust architecture is paramount. This security model, which requires continuous verification of all users and devices, aligns with DoD's stringent cybersecurity requirements. By adopting Zero Trust, companies can significantly bolster their defense against cyber threats, ensuring that sensitive data and systems are protected from both internal and external risks. Demonstrating robust Zero Trust practices not only enhances security but also positions companies as reliable partners, increasing their competitiveness for DoD contracts and R&D funding. Investing in Zero Trust is not just about compliance; it's about ensuring long-term security and operational resilience in the defense sector.
#zerotrust #galliumsolutions
As cyber adversaries continue to grow in sophistication, the principles of Zero Trust stand as pillars of resilience and defense against emerging threats. The recent DoD Zero Trust Symposium highlighted this critical concept, with a call to action for individuals and organizations to adapt and act decisively in the face of cyber threats. Listen to Day 1 of the Symposium here: https://lnkd.in/e7iDbbbi #Cybersecurity #ZeroTrust #DoDLeadership
💡 Discover threat-informed defense and its implementation with Ronan Lavelle from Validato at UK Cyber Week.
🚀 Gain insights into the dynamic realm of threat-informed defense during an enlightening session on 18 April at 15:20 (Culture & Strategy Stage).
🗝️ Secure your complimentary pass today: https://buff.ly/4avoxVt #cybersecurity #securitysolutions #ukcyberweek
MITRE's ATT&CK framework has traditionally been focused on APT groups but is increasingly incorporating techniques used by cybercriminal groups, which reflects the impact these groups have. Patrick Howell O'Neill, who is a Lead Cyber Operations Analyst at MITRE, joined us on Intel 471's Studio 471 series to chat about the changes.
Check out the episode here: https://hubs.la/Q02BmDJc0 #mitreattack #cybersecurity #infosec